Suspicious
Suspect

24d628fa4b30bae869a63e3167af63ad

MS Office Document | MD5: 24d628fa4b30bae869a63e3167af63ad | Size: 10.02 MB | application/vnd.ms-office

Summary by MalvaGPT
Characteristics
Hash | Hash Value
MD5 | 24d628fa4b30bae869a63e3167af63ad
Sha1 | aec6e3f690b90c6e8949a9138921e8019882cc66
Sha256 | 062653518f1b169c714c9053bc932317ce32fc2f415dddd70de5e5550620d61d
Sha384 | de8d5f3517a10d221c69b676c8bd5a4228d57c9bf32d7a51a6cd7404e2275e5b8bc233bdb40ee6f0b12fd60ffafa72f4
Sha512 | 09637a8659bfe8eb538d763f82beed6b2119431b527ec16567a3e28336dc6780bf458bfc592761d75a0329b2da6ba9c4565faa92a722e4e958db06769ebb582a
SSDeep | 196608:ckkCobFNHhBBq5emVyynXT3w4VwEdkUJX/6DuIhVfocwoDZ8sYCJ:KCobzHPw5emy6DfwMrJiDuIhTV9
TLSH | E7A6330AF8C6C29DDEA9DD771A3EDAA1C8037D5D58E6C0AD1B45B30E733A5F39299010
File Structure
Root Entry
䡀䌏䈯
GlmWVEVMTqt
JiYvFj8hVw2oe6V
[Authenticode]_3cdade04.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.data
.idata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_fc8b95ca.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:1033
ID:1033-preview.png
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
ID:1033-preview.png
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
ID:000E
ID:1033
ID:000F
ID:1033
RT_GROUP_CURSOR4
ID:0065
ID:1033
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0001
ID:1033
[Authenticode]_e846ff41.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0002
ID:1033
[Authenticode]_c4ce1ae9.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_55260041.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_9b75e235.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.data
.idata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_78c491b4.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
䡀䈖䌧䠤
䡀㬿䏲䐸䖱
䡀㽿䅤䈯䠶
䡀䈏䗤䕸䠨
䡀䕙䓲䕨䜷
䡀䌍䈵䗦䕲䠼
䡀䒌䓰䑲䑨䠷
䡀㼿䕷䑬㭪䗤䠤
䡀㼿䕷䑬㹪䒲䠯
䡀㿿䏤䇬䗤䒬䠱
䡀䖖㯬䏬㱨䖤䠫
䡀䘌䗶䐲䆊䌷䑲
䡀䇊䌰㾱㼒䔨䈸䆱䠨
䡀䈏䗤䕸㬨䐲䒳䈱䗱䠶
䡀䑒䗶䏤㾯㼒䔨䈸䆱䠨
䡀䇊䌰㮱䈻䘦䈷䈜䘴䑨䈦
䡀䇊䗹䛎䆨䗸㼨䔨䈸䆱䠨
䡀䑒䗶䏤㮯䈻䘦䈷䈜䘴䑨䈦
SummaryInformation
GlmWVEVMTqt
JiYvFj8hVw2oe6V
PtxuLQBmcFo
oAXwuvJs0G9Yq0
BfAZLcj6cmu
oK513eMOl7
Characteristics
No malware configuration was found at this point.
Artefacts
Name | Value | Location
URLs in VB Code - #1 | file:/// | 24d628fa4b30bae869a63e3167af63ad > Root Entry > 䄦㡥䆾䅤 > bkaKTFW5
URLs in VB Code - #2 | http://ocsp.digicert.com0A | 24d628fa4b30bae869a63e3167af63ad > Root Entry > 䄦㡥䆾䅤 > bkaKTFW5
URLs in VB Code - #3 | http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C | 24d628fa4b30bae869a63e3167af63ad > Root Entry > 䄦㡥䆾䅤 > bkaKTFW5
URLs in VB Code - #4 | http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 | 24d628fa4b30bae869a63e3167af63ad > Root Entry > 䄦㡥䆾䅤 > bkaKTFW5
URLs in VB Code - #5 | http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S | 24d628fa4b30bae869a63e3167af63ad > Root Entry > 䄦㡥䆾䅤 > bkaKTFW5
URLs in VB Code - #6 | http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0= | 24d628fa4b30bae869a63e3167af63ad > Root Entry > 䄦㡥䆾䅤 > bkaKTFW5
URLs in VB Code - #7 | http://www.digicert.com/CPS0 | 24d628fa4b30bae869a63e3167af63ad > Root Entry > 䄦㡥䆾䅤 > bkaKTFW5
URLs in VB Code - #8 | http://ocsp.digicert.com0 | 24d628fa4b30bae869a63e3167af63ad > Root Entry > 䄦㡥䆾䅤 > bkaKTFW5
URLs in VB Code - #9 | http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 | 24d628fa4b30bae869a63e3167af63ad > Root Entry > 䄦㡥䆾䅤 > bkaKTFW5
URLs in VB Code - #10 | http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 | 24d628fa4b30bae869a63e3167af63ad > Root Entry > 䄦㡥䆾䅤 > bkaKTFW5
URLs in VB Code - #11 | http://ocsp.digicert.com0X | 24d628fa4b30bae869a63e3167af63ad > Root Entry > 䄦㡥䆾䅤 > bkaKTFW5
URLs in VB Code - #12 | http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 | 24d628fa4b30bae869a63e3167af63ad > Root Entry > 䄦㡥䆾䅤 > bkaKTFW5
URLs in VB Code - #13 | http://ocsp.digicert.com0C | 24d628fa4b30bae869a63e3167af63ad > Root Entry > 䄦㡥䆾䅤 > bkaKTFW5
URLs in VB Code - #14 | http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E | 24d628fa4b30bae869a63e3167af63ad > Root Entry > 䄦㡥䆾䅤 > bkaKTFW5
URLs in VB Code - #15 | http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 | 24d628fa4b30bae869a63e3167af63ad > Root Entry > 䄦㡥䆾䅤 > bkaKTFW5
